Due to the increasing costs associated with protecting and maintaining data, a holistic approach to data risk management is becoming essential to organizations. A whitepaper published by IBM discusses the framework and practices involved in using a holistic approach for implementing data risk management programs across organizations.

Reliable, secure data can be lost in a variety of ways, from a missing laptop to natural disasters that destroys data centers and other electronic data storage facilities. More organizations are realizing the need to focus explicitly on data risk management that helps them consider a complete risk picture of data protected in order to highlight areas where negative risks can be mitigated and positive risks can be leveraged. Effective data risk management requires processes and procedures to coordinate the effort across the entire organization.

The IBM white paper highlights how past approaches to data risk management have focused on reacting to negative risks, such as hacking and system failures. However, this method of compartmentalizing risks is not as effective as business-oriented, holistic approaches. With a holistic approach, data risk policies and procedures should be built into business systems and processes to make data risk management more transparent. Also, to optimize data management, data should be prioritized in order of importance and redundancies should be eliminated. A good data risk management program should address the risks inherent when data is at rest in storage, in motion on the network, and in use on the desktop.

Additionally, the whitepaper states that data risk management standards and practices should:

  • Define the scope of risk analysis based on infrastructure and technology,
  • Identify and define threats and risks,
  • Assess the likelihood of occurrence and impact of risks,
  • Evaluate the quality of existing controls,
  • Assess risks and determine responses,
  • Develop, test, and implement plans for risk treatment,
  • Provide ongoing monitoring and feedback, and
  • Address the opportunities identified.

Click below to download the publication.